Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Linux Foundation CKA Exam - Topic 3 Question 63 Discussion

Score: 7%TaskCreate a new NetworkPolicy named allow-port-from-namespace in the existing namespace echo. Ensure that the new NetworkPolicy allows Pods in namespace my-app to connect to port 9000 of Pods in namespace echo.Further ensure that the new NetworkPolicy:* does not allow access to Pods, which don't listen on port 9000* does not allow access from Pods, which are not in namespace my-app
A) Explanation: Solution: #network.yaml apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-port-from-namespace namespace: internal spec: podSelector: matchLabels: { } policyTypes: - Ingress ingress: - from: - podSelector: { } ports: - protocol: TCP port: 8080 #spec.podSelector namespace pod kubectl create -f network.yaml

Linux Foundation CKA Exam - Topic 3 Question 63 Discussion

Actual exam question for Linux Foundation's CKA exam
Question #: 63
Topic #: 3
[All CKA Questions]

Score: 7%

Task

Create a new NetworkPolicy named allow-port-from-namespace in the existing namespace echo. Ensure that the new NetworkPolicy allows Pods in namespace my-app to connect to port 9000 of Pods in namespace echo.

Further ensure that the new NetworkPolicy:

* does not allow access to Pods, which don't listen on port 9000

* does not allow access from Pods, which are not in namespace my-app

Show Suggested Answer Hide Answer
Suggested Answer: A

by Matt at Jun 19, 2024, 11:55 AM

Limited Time Offer

25%

Off

Get Premium CKA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Theron
6 months ago
This is a solid start, but double-check the ingress rules!
upvoted 0 times
...
Terry
6 months ago
Just a heads up, make sure the podSelector is properly defined.
upvoted 0 times
...
Angelo
7 months ago
Wait, why is the namespace set to "internal"? Shouldn't it be "echo"?
upvoted 0 times
...
Bambi
7 months ago
Totally agree, that’s a crucial detail!
upvoted 0 times
...
Jestine
7 months ago
Looks like the port should be 9000, not 8080.
upvoted 0 times
...
Tuyet
7 months ago
I remember that we have to define both the ingress rules and the podSelector, but I can't recall the exact syntax for matching the namespace.
upvoted 0 times
...
Rickie
7 months ago
I'm a bit confused about the port number; I thought we were supposed to allow access to port 9000, but the example shows port 8080.
upvoted 0 times
...
Meaghan
8 months ago
I practiced a similar question where we had to restrict access based on labels, so I think we need to use podSelector correctly here.
upvoted 0 times
...
Gary
8 months ago
I think I remember that we need to specify the correct namespace for the NetworkPolicy, but I'm not sure if "internal" is the right one.
upvoted 0 times
...
Margo
8 months ago
This seems straightforward enough. I'll just need to make sure I get the YAML syntax correct for the NetworkPolicy.
upvoted 0 times
...
Elina
8 months ago
Okay, I think I've got a plan. I'll create the NetworkPolicy in the echo namespace and use the podSelector and from fields to target the right Pods.
upvoted 0 times
...
Rossana
8 months ago
Hmm, I'm a bit confused about the namespace requirements. I'll need to double-check the details to make sure I understand which namespaces are involved.
upvoted 0 times
...
Tennie
8 months ago
This looks like a tricky one. I'll need to carefully read through the requirements and think through the steps to create the NetworkPolicy.
upvoted 0 times
...
Adrianna
8 months ago
I'm feeling pretty confident about this one. I've worked with NetworkPolicies before, so I should be able to knock this out quickly.
upvoted 0 times
...
Johnetta
8 months ago
Hmm, this seems pretty simple, but I want to double-check a few things. Do I need to do anything special with the ifdown/ifup commands, or is that just to make sure the changes take effect? And is there anything else I need to do to enable IP forwarding on the lab server, or is that already taken care of?
upvoted 0 times
...
Vallie
2 years ago
I'm a bit concerned about the 'does not allow access from Pods, which are not in namespace my-app' part. Shouldn't we also specify the 'from' selector in the ingress rule?
upvoted 0 times
Lettie
2 years ago
Let's update the NetworkPolicy yaml file to include the 'from' selector for the ingress rule. That way, we can restrict access to only Pods in the my-app namespace.
upvoted 0 times
...
Merlyn
2 years ago
That makes sense. We need to ensure that only Pods from the my-app namespace can access port 9000 in the echo namespace.
upvoted 0 times
...
Tegan
2 years ago
Yes, you're right. We should add the 'from' selector in the ingress rule to specify Pods in the my-app namespace.
upvoted 0 times
...
Ariel
2 years ago
Agreed, let's update the ingress rule to include the 'from' selector for Pods in namespace my-app.
upvoted 0 times
...
Frank
2 years ago
That's a good point. We need to make sure only Pods from namespace my-app can access port 9000.
upvoted 0 times
...
Dick
2 years ago
Yes, you're right. We should add the 'from' selector in the ingress rule to specify Pods in namespace my-app.
upvoted 0 times
...
...
Ryan
2 years ago
I feel confident about this question, I have practiced similar tasks before.
upvoted 0 times
...
Sommer
2 years ago
Haha, the question says 'ensure that the new NetworkPolicy allows Pods in namespace my-app to connect to port 9000', but the solution is using port 8080. Someone needs to pay more attention to the details!
upvoted 0 times
Loren
2 years ago
Yeah, attention to detail is key in these scenarios. Port numbers matter!
upvoted 0 times
...
Pamella
2 years ago
Oops, looks like they made a mistake in the solution. It should be port 9000, not 8080.
upvoted 0 times
...
...
Elinore
2 years ago
Wait, aren't we supposed to allow access to port 9000, not 8080? I think I see a typo in the solution.
upvoted 0 times
Jesusa
2 years ago
Let's update the network.yaml file to specify port 9000 instead of 8080. That should fix the issue.
upvoted 0 times
...
Talia
2 years ago
You're right, there seems to be a mistake in the solution. We should allow access to port 9000, not 8080.
upvoted 0 times
...
...
Elli
2 years ago
I think the key is to carefully follow the instructions and use the provided solution as a guide.
upvoted 0 times
...
Anissa
2 years ago
I agree, creating a new NetworkPolicy can be challenging.
upvoted 0 times
...
Yun
2 years ago
This question seems tricky.
upvoted 0 times
...
Christa
2 years ago
Hmm, the question seems straightforward enough, but I'm a bit confused about the namespace part. Shouldn't it be 'echo' instead of 'internal'?
upvoted 0 times
Hannah
2 years ago
Make sure to update the namespace in the NetworkPolicy to 'echo' for it to work correctly.
upvoted 0 times
...
Billy
2 years ago
Yes, the namespace in the NetworkPolicy should match the existing namespace 'echo'.
upvoted 0 times
...
Curt
2 years ago
You're right, the namespace should be 'echo' instead of 'internal'.
upvoted 0 times
...
...

Save Cancel